But the requirement is to only allow new connections from your LAN (eth1.3) to the other subnet (eth2)? Should new connections in the opposite direction be allowed too?
For better analysis, the whole firewall configuration might be useful… Otherwise, it’s difficult to say what rules are being used.